Cipher-suite negotiation for DNSSEC: Hop-by-hop or end-to-end?

Amir Herzberg, Haya Shulman

Research output: Contribution to journal > Article > peer-review

5 Scopus citations

Abstract

To ensure the best security and efficiency, cryptographic protocols such as Transport Layer Security and IPsec should let parties negotiate the use of the 'best' cryptographic algorithms; this is referred to as cipher-suite negotiation. However, cipher-suite negotiation is lacking in DNS Security Extensions (DNSSEC), introducing several problems. To address these issues, the authors propose two designs: hop-by-hop and end-to-end cipher-suite negotiation. They compare these two approaches with respect to efficiency, ease of deployment, changes each would require of the existing infrastructure, and compatibility with the legacy DNS infrastructure and caches.

Original language: English
Article number: 7031814
Pages (from-to): 80-84
Number of pages: 5
Journal: IEEE Internet Computing
Volume: 19
Issue number: 1
State: Published - Jan 2015

Bibliographical note

Publisher Copyright:
© 1997-2012 IEEE.

Funding

Funder: Ministry of Science and Technology

    Keywords

    • DNS security
    • DNSSEC
    • adoption obstacles
    • cipher-suite negotiation
    • denial of service attacks
    • interoperability challenges
